Implement optional contributory behaviour check #78
Conversation
I agree that this function needs to be available. The HPKE spec requires this check, and the way it's performed now could be better. I think, given this, the docs don't have to do as much justification as they currently do. A simple paragraph explaining what the check does and a link to one of the included blog posts would be sufficient I think. On naming, I think the function should be called
Totally supportive of adding this, given how people are using X25519 to do all kinds of things now. And how about adding a ct check to see if the resulting shared secret is all zeroes or not?
/// [relevant]: https://tools.ietf.org/html/rfc7748#page-15 | ||
/// [public]: https://vnhacker.blogspot.com/2015/09/why-not-validating-curve25519-public.html | ||
/// [discussions]: https://vnhacker.blogspot.com/2016/08/the-internet-of-broken-protocols.html | ||
pub fn was_contributory(&self) -> bool { |
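Review bot: the doc comment shown here only links out (RFC 7748 page 15 and the two blog posts) and never says what `was_contributory` actually tests; add one sentence stating that it returns `false` when the shared secret is the all-zero identity element, which is what every small-order peer public key produces, that the comparison is done in constant time, and that a caller must abort the handshake on `false` (HPKE requires this). Since the result is a bare `bool` that is easy to drop on the floor, also annotate the function with `#[must_use]`.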
#[must_use]
seems appropriate here
Good call, thanks! (Oops, I accidentally deleted @rozbb's original comment somehow.)
That's not necessary, as those are checking that the other party's public keys are not points of small order. Any such public keys would result in the shared secret being the identity element. Thus, we only check afterwards that the shared secret is not the identity.
This is a constant time check for if the resulting shared secret is the identity (all zeroes).
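To make the reasoning in the thread concrete, here is an added example (my code, not x25519-dalek's): a plain-Python X25519 following RFC 7748 section 5, a `was_contributory` function with the same name and meaning as the one in this PR but written here as a constant-time-shaped byte OR, and a derivation of every u-coordinate of order dividing 8 from the doubling formula, each confirmed with the ladder. Running it shows why a single all-zero test on the output is enough: clamping makes the scalar a multiple of 8, so any small-order input lands on the identity, whose z-coordinate is 0 and which therefore encodes as 0. The Python ladder is for study only and is not itself constant time; the `sqrt_mod_p` and `small_order_u_coordinates` helpers are my own names, not crate API.

```python
"""Added example, not x25519-dalek code: X25519 per RFC 7748 in plain Python
(readable, NOT constant time) plus the all-zero shared-secret check."""
import secrets

P = 2**255 - 19
A = 486662          # Curve25519: v^2 = u^3 + A*u^2 + u
A24 = (A - 2) // 4  # 121665


def decode_scalar(k: bytes) -> int:
    """RFC 7748 clamping: low 3 bits cleared (k is a multiple of the cofactor 8),
    bit 255 cleared, bit 254 set so the ladder always runs 255 steps."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def decode_u(u: bytes) -> int:
    """RFC 7748: the top bit of the 32-byte u-coordinate is ignored."""
    return int.from_bytes(u, "little") & ((1 << 255) - 1)


def ladder(k: int, u: int) -> int:
    """Montgomery ladder: u(k*Q) for the point Q with u-coordinate u.
    The identity has z == 0 and pow(0, P-2, P) == 0, so it comes out as 0."""
    x1 = u % P
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def x25519(k: bytes, u: bytes) -> bytes:
    return ladder(decode_scalar(k), decode_u(u)).to_bytes(32, "little")


def was_contributory(shared: bytes) -> bool:
    """The PR's check, constant-time shaped: OR all bytes, compare once, so the
    time does not depend on where the first nonzero byte sits.  (CPython gives
    no timing guarantee; in Rust use subtle::ConstantTimeEq or equivalent.)"""
    acc = 0
    for b in shared:
        acc |= b
    return acc != 0


def sqrt_mod_p(a: int):
    """Square root mod P (P = 5 mod 8, Atkin's method), or None if not a square."""
    a %= P
    x = pow(a, (P + 3) // 8, P)
    if x * x % P != a:
        x = x * pow(2, (P - 1) // 4, P) % P   # times sqrt(-1)
    return x if x * x % P == a else None


def small_order_u_coordinates() -> list:
    """Every u with a point of order dividing 8: 0 (order 2), +-1 (order 4,
    since u(2Q) = (u^2-1)^2 / (4u(u^2+Au+1)) vanishes), and the order-8 points,
    found by solving u(2Q) = +-1 with w = u + 1/u: w = 2 +- 2*sqrt(A+2) or
    w = -2 +- 2*sqrt(2-A), then u^2 - w*u + 1 = 0.  Each candidate is confirmed
    with the ladder (2Q must have u = +-1).  These are the canonical entries of
    the usual small-order blocklist; p and p+1 are 0 and 1 re-encoded."""
    inv2 = pow(2, P - 2, P)
    found = {0, 1, P - 1}
    for base, disc in ((2, A + 2), (-2, 2 - A)):
        r = sqrt_mod_p(disc)
        if r is None:
            continue
        for w in ((base + 2 * r) % P, (base - 2 * r) % P):
            s = sqrt_mod_p(w * w - 4)
            if s is None:
                continue
            for u in ((w + s) * inv2 % P, (w - s) * inv2 % P):
                if ladder(2, u) in (1, P - 1):
                    found.add(u)
    return sorted(found)


def all_small_order_inputs_give_zero(k: bytes) -> bool:
    """Clamped k is a multiple of 8, so k*Q is the identity for each such Q."""
    zero = bytes(32)
    return all(x25519(k, u.to_bytes(32, "little")) == zero
               for u in small_order_u_coordinates())


if __name__ == "__main__":
    base = (9).to_bytes(32, "little")
    sk, peer_sk = secrets.token_bytes(32), secrets.token_bytes(32)
    peer_pk = x25519(peer_sk, base)
    print("honest peer contributory:", was_contributory(x25519(sk, peer_pk)))
    for u in small_order_u_coordinates():   # every one prints False
        print(u, was_contributory(x25519(sk, u.to_bytes(32, "little"))))
```

Note what this does and does not buy you: rejecting an all-zero output catches exactly the small-order inputs (the five canonical encodings plus the two non-canonical ones of 0 and 1), so there is no need for a separate public-key validation step for that purpose, as the thread says; it does nothing about a peer who chooses an honest-looking key, which is why protocols that need real contributory behaviour also bind both public keys into the key derivation.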